Platform

Delphix Integrates HashiCorp Vault to Strengthen Data Security in Enterprise Infrastructure

Password management can be a headache. But thanks to our integration with HashiCorp Vault, customers can centrally store, access, and distribute dynamic secrets such as tokens, passwords, certificates, and encryption keys.

Ross Millenacker

Dec 23, 2020

In the world of information security, there is a growing trend of more and more organizations moving away from manual entry and storing of passwords within applications. As a result, InfoSec teams are setting policies that mandate new methods of authentication. One of the main avenues is through password vaults, where secrets are stored within a secure repository, rotated by policy, and automatically retrieved by applications needing to authenticate.

Today, we’re excited to announce that we deliver password vault support for infrastructure credentials with HashiCorp, an industry leader that truly embraces the longtail of modern authentication.

Delphix’s integration with HashiCorp Vault was certified as of late 2020, and we are now part of their enterprise infrastructure marketplace. We support HashiCorp Vaults for all Unix and Windows-based environments, and Oracle, SQL Server, and SAP ASE for database authentication via HashiCorp’s open source and enterprise offerings.

Using HashiCorp Vault with Delphix

To get started, administrators will need to register their password vault within the Delphix platform. Users will then have the option to use the HashiCorp Vault as the authentication mechanism whenever they are linking an environment or database, rather than having to use dedicated hardware credentials.

During vault registration, Hashicorp provides multiple methods for authenticating to the vault itself: certificate, token, and approle. This provides flexibility for enterprise teams (Delphix admins) to work with whatever vault authentication policies that were established in the first place. Watch this demo for a step-by-side walkthrough.

The password vault support enhances Delphix infrastructure authentication security in these four ways.

  1. It eliminates the need to share passwords when adding an environment or linking a dSource as infrastructure credentials can stay with the infrastructure owners.

  2. Teams save time and resources when viewing and inputting credentials.

  3. This capability also removes the need for Delphix to store credentials to maintain connections.

  4. Lastly, it promotes password rotation policies as this can be done in the password vault. HashiCorp automates away most of the headaches associated with key and password rotation. Delphix will connect to the password vault for every session where required.

One critical aspect of password vaults is the ease of rotating credentials without having to manually change anything in Delphix. This is only possible because we never store any credentials on Delphix, if you use password vaults. And every operation that requires authentication to your infrastructure will reach out to HashiCorp to grab the credential every single time.

In summary, the Delphix integration with HashiCorp Vault simplifies the user experience during authentication by minimizing the number of places credentials need to be stored on the Delphix platform and ensures authentication is performed with the highest security standards.

At Delphix, we always strive to take a forward-thinking approach to improving data security in enterprise infrastructure. Our goal is to offer password-less options for any connection we deal with. Look for more enhancements to application security for different data sources—including protecting data in transit and providing additional methods for handling authentication—in the near future.